General
- Target: f3ffb7492f6be60b4e3bff2cb9cb658d.exe
- Size: 5.1MB
- Sample: 210216-ptzb9xfdwx
- MD5: f3ffb7492f6be60b4e3bff2cb9cb658d
- SHA1: b4e6cb6f8429d70aac6fca37f86469d85a4d408a
- SHA256: c120fd3e62a0ecd299625f3fbf622fb8a56b534828b6788fe766f1bc36ac7a68
- SHA512: 373bec9c21b7395ecd732e2c0de13fc051810139160c5b82ce3a6d7f58e75e5cd1a26e455ea032203a964d5056dfdcc450c462f8b6f4472c534b959e0b2bc105
Behavioral task
- behavioral1
- Sample: f3ffb7492f6be60b4e3bff2cb9cb658d.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: f3ffb7492f6be60b4e3bff2cb9cb658d.exe
- Size: 5.1MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger